Question-and-answer site Quora was hacked and data on about 100 million users was exposed. The service, founded in 2009, is widely used. The news comes just days after that of a Marriott hack, which compromised about 300 million records.
The company’s CEO Adam D’Angelo wrote in a blog post:
For approximately 100 million Quora users, the following information may have been compromised:
Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
Public content and actions, e.g. questions, answers, comments, upvotes
Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)
As for precautions, he wrote:
While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so.
What is the company doing according to the post?
While our investigation continues, we’re taking additional steps to improve our security:
We’re in the process of notifying users whose data has been compromised.
Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords.
We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements.